A high-severity heap buffer overflow vulnerability was recently fixed in a patch from the OpenSSL Project. The vulnerability affects remote SSL servers that support the ChaCha20-Poly1305 cipher suite and can be exploited to crash the SSL service.
The vulnerability (CVE-2016-7054) is caused by an error that occurs when the ChaCha20-Poly1305 cipher suite is decrypting large amounts of application data. In this post we examine its root cause.
The ChaCha20-Poly1305 cipher suite is...